“The credentials supplied to the package were not recognized” error when authenticating as server with certificate generated using BouncyCastle

没有蜡笔的小新 2020-12-05 02:00

I'm trying to create a certificate using the BouncyCastle.Crypto dll, which is then used to authenticate a SslStream as the server in a Windows Service process, which runs

8 Answers
  • 2020-12-05 02:49

    I had a similar issue when calling a WCF REST service from a .NET application where I needed to attach the client certificate. All I had to do was provide access to the certificate in the cert store [mmc console] to "NETWORKSERVICE"; of course, my IIS pool was the default pool, which indicates it's using the NETWORKService user account.

    The mistake I made was that I copied the cert from another store to the Local Machine -> Personal store, where the certificate was protected with a password. You should import the certificate explicitly into the required store.

  • 2020-12-05 02:54

    That particular error message rings a bell. I'll guess that either you did not store the private key with the certificate, or, the Windows service does not have access to the private key. To check this, open the Certificates MMC snap-in:

    1. Run mmc (e.g. from the Start menu)
    2. File menu > Add/Remove Snap-in
    3. Select "Certificates" in left pane and then click Add
    4. Select "Computer Account" (for LocalMachine) then click Next, and then Finish

    Navigate to the certificate and double-click in the right pane. On the General tab that comes up, you should see a little key icon at the bottom, along with the text, "You have a private key that corresponds to this certificate." If not, that's the problem. The private key was not saved.

    If the private key is present, click Ok to dismiss this dialog, and then right-click on the certificate in the right pane and select on the pop-up menu: All Tasks > Manage Private Keys. In that dialog, make sure that the Windows account that the service runs under has read access to the private key. If it doesn't, that's the problem.

    Edit: Oops, you wrote that the service runs as Local System, so it must be a missing private key, if it is one of these two problems. I'll leave the key access check in my answer anyway, for anybody else that hits this and is not running as Local System.

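The two checks described in the answer above (is a private key attached, and can the service account use it) can also be done in code. This is an added example, not code from the thread; it assumes an RSA key, a certificate in the LocalMachine Personal store, and .NET Framework 4.6 or later, and the class name `KeyCheck` is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic, not from the original thread. Run it under the same
// account as the service, passing the certificate thumbprint as the argument.
static class KeyCheck
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: KeyCheck <thumbprint>");
            return 2;
        }
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
            if (hits.Count == 0)
            {
                Console.WriteLine("Certificate not found in LocalMachine\\My.");
                return 1;
            }
            X509Certificate2 cert = hits[0];
            // Same information as the key icon on the General tab in the MMC snap-in.
            if (!cert.HasPrivateKey)
            {
                Console.WriteLine("No private key is associated with this certificate.");
                return 1;
            }
            try
            {
                // HasPrivateKey only says a key is referenced; signing proves
                // that this account can actually open and use it.
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null) { Console.WriteLine("Private key is not RSA."); return 1; }
                    rsa.SignData(new byte[] { 1 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                }
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine("Key unusable by " + Environment.UserName + ": " + ex.Message);
                return 1;
            }
            Console.WriteLine("Private key present and usable by " + Environment.UserName + ".");
            return 0;
        }
    }
}
```

A `CryptographicException` here while the MMC dialog shows the key icon points to the access problem from the answer: grant the service account read access under All Tasks > Manage Private Keys.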